• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 4
  • 2
  • 1
  • 1
  • 1
  • 1
  • 1
  • Tagged with
  • 8
  • 6
  • 4
  • 4
  • 3
  • 3
  • 3
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Cloud computing technology framework and reducing risks / Cloud computing technology framework and reducing risks

Akrir, Khaled Ali Ahmed January 2015 (has links)
The thesis investigates, in a qualitative way, the vectors that contribute to cloud computing risks in the areas of security, business, and compliance. The focus of this research is on the identification of risk vectors that affect cloud computing and the creation of a framework that can help IT managers in their cloud adoption process. Economic pressures on businesses are creating a demand for an alternative delivery of the model that can provide flexible payments, dramatic cuts in capital investment, and reductions in operational cost. Cloud computing is positioned to take advantage of these economic pressures with low cost IT services and a flexible payment model, but at what risk to the business? Security concerns about cloud computing are heightened and fueled by misconceptions related to security and compliance risks. Unfortunately, these security concerns are seldom, expressed quantifiably. To bring clarity to cloud computing security, compliance, and business risks, this research focuses on a qualitative analysis of risk vectors drawn from one-on-one interviews with top IT experts selected. The qualitative aspect of this research separates facts from unfounded suspicions, and creates a framework that can help align perceived risks of cloud computing with actual risks. The qualitative research was done through interviews with experts and through the survey to measure risk perceptions about cloud computing using a Likert scale. The decision-making model and the framework created by this research help to rationalize the risk vectors on cloud environments and recommend reducing strategies to bring the IT industry one step closer to a clearer understanding of the risks-tradeoffs implications of cloud computing environments.
2

Identifiering och Utnyttjande av Sårbarheter hos en IP-Kamera / Identification and Exploitation of Vulnerabilities in an IP-Camera

Fjellborg, Joakim January 2021 (has links)
Idag blir det vanligare och vanligare att system såsom kameror eller kylskåp är eller har kapabiliteten att vara anslutna till internet och kommunicera över nätet av sig själva, så kallade IoT-system. Att ett system är anslutet till internet innebär att risken för angrepp på systemet ökar, och att systemet, om infekterat, har potentialen att kommunicera med omvärlden för att exempelvis utföra denial-of-service-attacker. Detta examensarbete undersöker säkerheten hos en internetansluten kamera (IP-kamera). Målet är att identifiera sårbarheter, och om möjligt, utveckla angrepp som utnyttjar sårbarheter hos kameran, för att testa säkerheten hos systemet. Resultatet visar att systemet är sårbart för ett antal olika angrepp, främst man-in-the-middle och cross-site-request-forgery. / Today systems such as cameras or fridges with the capability of being connected to the internet and communicating without human intervention are becoming increasingly common, so called IoT-systems. A system being connected to the internet means that the system’s attack surface is increased, and the system can, if infected, be used by the attacker to communicate with the outside world to perform denial-of-service- or other types of attacks. This thesis examines the security of an internet connected security camera, (IP-camera). The aim is to identify vulnerabilities in the system, and if possible to develop attacks that exploit these vulnerabilities in the goal of evaluating the security of the system. The results show that the system is vulnerable to some attacks, mainly including man-in-the-middle aswell as cross-site-request-forgery based attacks.
3

Webbsäkerhet och vanliga brister : kunskapsläget bland utvecklare / Web security and common shortfalls : the state of knowledge among developers

Strandberg, Jane, Lyckne, Mattias January 2014 (has links)
This bachelor thesis looks at developers knowledge about web security both regarding their own view on their knowledge and their actual knowledge about vulnerabilities and how you mitigate against them. Web developers knowledge regarding web security are becoming more and more important as more applications and services moves to the web and more and more items become connected to the internet. We are doing this by conducting a survey among developers that are currently studying in the field or are working in the field to get a grip on how the knowledge is regarding the most common security concepts. What we saw was that the result varies between the different concepts and many lack much of the knowledge in web security that is getting increasingly more important to have.
4

Investigation of home router security

Karamanos, Emmanouil January 2010 (has links)
Home routers are common in every household that has some kind of Internet connectivity. These embedded devices are running services such as web, file and DHCP server. Even though they have the same security issues as regular computers, they do no run protection software such as anti-virus and they are not updated. Moreover, the importance of these devices is misjudged; all network traffic is passing through them and they control the DNS of the network while, in most cases, they are on-line around the clock. When more and more non-Internet features are implemented into home routers, such as Voice over IP and network storage, their role becomes more special and many security concerns are raising. In this thesis, we investigate the issues resulting from this special role; the importance for these devices to be secure, the attacking vector and how the devices can be compromised to be part of a large home router botnet. We conclude by proposing ways to make the current implementation more secure, suggesting ways to protect routers from botnets without user interaction, that is from the ISP, while respecting the privacy of the end user and we identify what future work needs to be done. / Router är vanliga i hem som har någon slags Internet anslutning. De här inbyggda enheter kör tjänster som t.ex. web, file och DHCP basenheter. Fastän de har samma säkerhetsfrågor som vanliga datorer, så kan de inte använda säkerhets mjukvara som t.ex anti-virus och de är inte uppdaterade. Dessutom har betydelsen av de här apparaterna blivit felbedömmat; hela nätverket passerar genom dem och de kontrolerar nätverkets DNS medan, i de flesta fall, de är on-line dygnet runt. Men, när mer och mer icke-Internet lockvaror fars in i routern, som t.ex Voice över IP och nätverkslagring, blir deras roll viktigare och oron för säkerheten växer. I den här avhandlingen utforskars problemen och frågorna som efterföljer deras speciella roll, hur viktigt det är att de här apparaterna är skyddade, (the attacking vector) och hur de här apparaterna kan bli jämkningad för att bli en del av ett stort router botnet. Vi avsluter med att lägga fram sätt att göra det nuvarande verktyget mer skyddat, föreslå sätt att skydda routern från botnet utan användarinteraktion, som kommer från ISP, medan man respekterar det andra användarens privtaliv och markera vad som behövs ändras i framtiden.
5

Analysis of Oauth and CORS vulnerabilities in the wild

Arshad, Elham 06 December 2022 (has links)
Thanks to the wide range of features offered by the World Wide Web (WWW), many web applications have been published and developed through different libraries and programming languages. Adapting to new changes, the Web quickly evolved into a complex ecosystem, introducing many security problems to its users. To solve these problems, instead of re-designing the Web, the vendors added the security patches (protocols, mechanisms)to the Web platform to provide a more convenient and more secure environment for web users. However, not only did these patches not completely resolve the security problems, but their implementations also introduced other security risks unbeknownst to website operators and users. In this thesis, I propose a novel research on two different security patches to understand and analyze their deployment in real-world scenarios and discover the unseen, neglected factors and the elements involved in exploiting their use: one security protocol, OAuth, and one security mechanism, CORS. As this thesis is based on offensive approaches, I develop automated methodologies, including novel strategies for analyzing and measuring the security qualities of the OAuth protocol and CORS mechanism in real-world scenarios.
6

Penetration Testing in a Web Application Environment

Vernersson, Susanne January 2010 (has links)
As the use of web applications is increasing among a number of different industries, many companies turn to online applications to promote their services. Companies see the great advantages with web applications such as convenience, low costs and little need of additional hardware or software configuration. Meanwhile, the threats against web applications are scaling up where the attacker is not in need of much experience or knowledge to hack a poorly secured web application as the service easily can be accessed over the Internet. While common attacks such as cross-site scripting and SQL injection are still around and very much in use since a number of years, the hacker community constantly discovers new exploits making businesses in need of higher security. Penetration testing is a method used to estimate the security of a computer system, network or web application. The aim is to reveal possible vulnerabilities that could be exploited by a malicious attacker and suggest solutions to the given problem at hand. With the right security fixes, a business system can go from being a threat to its users’ sensitive data to a secure and functional platform with just a few adjustments. This thesis aims to help the IT security consultants at Combitech AB with detecting and securing the most common web application exploits that companies suffer from today. By providing Combitech with safe and easy methods to discover and fix the top security deficiencies, the restricted time spent at a client due to budget concerns can be made more efficient thanks to improvements in the internal testing methodology. The project can additionally be of interest to teachers, students and developers who want to know more about web application testing and security as well as common exploit scenarios.
7

Μέθοδοι προστασίας ιστοσελίδων στο διαδίκτυο

Μπαλαφούτης, Χρήστος 19 October 2012 (has links)
Στην παρούσα διπλωματική εργασία παρουσιάζονται βασικές έννοιες και μέθοδοι για την ασφάλεια ιστοσελίδων και ιδιαίτερα των site με web application προσανατολισμό, χωρίς αυτό να σημαίνει ότι αρκετές τεχνικές προστασίας και σφάλματα που θα εντοπίσουμε δεν μπορούν να συναντηθούν και σε άλλου σκοπού ιστοσελίδες. Αρχικά, γίνεται αναφορά στο τι είναι μια εφαρμογή ιστού (web app) και ποια είναι τα στοιχεία που την αποτελούν. Στη συνέχεια, χρησιμοποιώντας έρευνες, παρουσιάζονται κάποιες από τις πιο “δημοφιλείς” επιθέσεις που γίνονται σε ιστοσελίδες και περιγράφεται πιο διεξοδικά ποια αδύνατα σημεία της δομής των ιστοσελίδων εκμεταλλεύονται. Παράλληλα, γίνεται αναφορά στο πως και με ποια εργαλεία μπορούμε να εντοπίσουμε και να κλείσουμε τα κενά ασφαλείας που τυχόν έχει μία εφαρμογή ιστού. Τέλος, παρουσιάζεται η εφαρμογή που αναπτύχθηκε στα πλαίσια της εργασίας με σκοπό να γίνει επίδειξη συγκεκριμένων επιθέσεων και σφαλμάτων που παρατηρούνται στο διαδίκτυο. / In the following pages basic principals and methods are presented in order to secure websites and web applications. I begin by mentioning what is a web application. Moreover, by using statistics and recent researches from various sources i mention the most common web app attack methods and which vulnerabilities can be found in a web app and how to prevent exploiting, something we can accomplish by using various penetration testing tools. Finally, by using a basic web app some web attacks are shown so that it will become more clear how these attacks work.
8

Generating web applications containing XSS and CSRF vulnerabilities

Ahlberg, Gustav January 2014 (has links)
Most of the people in the industrial world are using several web applications every day. Many of those web applications contain vulnerabilities that can allow attackers to steal sensitive data from the web application's users. One way to detect these vulnerabilities is to have a penetration tester examine the web application. A common way to train penetration testers to find vulnerabilities is to challenge them with realistic web applications that contain vulnerabilities. The penetration tester's assignment is to try to locate and exploit the vulnerabilities in the web application. Training on the same web application twice will not provide any new challenges to the penetration tester, because the penetration tester already knows how to exploit all the vulnerabilities in the web application. Therefore, a vast number of web applications and variants of web applications are needed to train on. This thesis describes a tool designed and developed to automatically generate vulnerable web applications. First a web application is prepared, so that the tool can generate a vulnerable version of the web application. The tool injects Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) vulnerabilities in prepared web applications. Different variations of the same vulnerability can also be injected, so that different methods are needed to exploit the vulnerability depending on the variation. A purpose of the tool is that it should generate web applications which shall be used to train penetration testers, and some of the vulnerabilities the tool can inject, cannot be detected by current free web application vulnerability scanners, and would thus need to be detected by a penetration tester. To inject the vulnerabilities, the tool uses abstract syntax trees and taint analysis to detect where vulnerabilities can be injected in the prepared web applications. Tests confirm that web application vulnerability scanners cannot find all the vulnerabilities on the web applications which have been generated by the tool.

Page generated in 0.0609 seconds